app/controllers/api/vcs.php (1)

1183-1195: See earlier comment on Lines 976-988 about decoding the GitHub content before parsing; the same fix is required here.

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

app/controllers/api/vcs.php (1)

17-17: Decode GitHub .env file content before parsing (and treat it as text, not base64)

In both .env-scanning blocks you read the GitHub Contents API content field and split it directly:

$contentResponse = $github->getRepositoryContent(...);
$envFile = $contentResponse['content'] ?? '';
$envLines = \explode("\n", $envFile);

The GitHub Contents API returns content base64‑encoded, so this code parses base64 blobs instead of the actual .env text. That makes all suggested variable names effectively garbage and breaks the feature.

This is the same issue that was already raised in a previous review comment for this file; it still needs to be fixed. A robust pattern for both blocks would be:

-    $envFile = $contentResponse['content'] ?? '';
+    $envFileEncoded = $contentResponse['content'] ?? '';
+    if (empty($envFileEncoded)) {
+        return;
+    }
+
+    $envFile = \base64_decode($envFileEncoded, true);
+    if ($envFile === false) {
+        // Skip invalid content instead of trying to parse it
+        return;
+    }

Then continue with explode("\n", $envFile) on the decoded string. Please apply this in both the detection endpoint block and the repositories listing block.

Also applies to: 968-1005, 1182-1217

src/Appwrite/Utopia/Response/Model/Detection.php (1)

8-21: Shared variables rule looks correct

The shared variables rule (array of MODEL_DETECTION_VARIABLE) is wired correctly for Detection-based models, and the subclasses’ parent::__construct() calls will ensure it’s always present. Note that with required => false the default value isn’t used by Response::output(), but that’s a harmless no-op.

app/controllers/api/vcs.php (1)

968-1005: Promote .env variables to proper DetectionVariable documents and de-duplicate parsing logic

Two smaller structural points:

1. Use Document for variables to leverage model validation

   The Detection models define variables as type => MODEL_DETECTION_VARIABLE, array => true, but here you push plain arrays. If you instead wrap each variable as a Document before calling dynamic()/output(), you’ll get consistent filtering and defaults from the DetectionVariable model:

•    $variables[] = [
  

•        'name'  => $key,
  

•        'value' => $value,
  

•    ];
  

•    $variables[] = new Document([
  

•        'name'  => $key,
  

•        'value' => $value,
  

•    ]);
  

  
  Same idea for `$repo['variables']`.
  
  

2. Extract shared .env parsing into a helper

   The two env blocks are almost identical. A small private helper (or even a closure above) that takes $github, repo coordinates, and returns the variables array would reduce duplication and keep behavior consistent if you tweak parsing later.

These are not blockers but would improve maintainability and data consistency.

Also applies to: 1182-1217

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro